Digital Forensics and Incident Response
Learn how to build a strong defense fabric using the latest digital forensics and incident response techniques.
(DIG-FORNSC-IR.AJ1) / ISBN: 978-1-64459-471-1
About This Course
In this course, you’ll acquire specialized skills to identify and reconstruct a cybersecurity incident by collecting and analyzing digital evidence that can be used to prosecute the threat actor. Digital forensics and incident response techniques such as threat hunting will help you capture the root cause of an attack and remove all traces of it from your network. Once enrolled, you’ll gain access to risk-free simulation labs to practice your theoretical knowledge and gain practical experience to add to your resume! So what are you waiting for? Everything you need is available in this hot-selling training courseware.
Skills You’ll Get
- Engage and manage IR teams, utilizing Security Orchestration, Automation, and Response (SOAR).
- Apply various incident investigation analyses to understand the cyber kill chain and the diamond model of intrusion analysis.
- Collect and analyze network evidence from firewalls, proxy logs, NetFlow, and packet captures using tools like Wireshark.
- Take actions to respond to ransomware incidents and investigate cyberattacks.
- Set up and use malware sandboxes for static and dynamic analysis using tools like ClamAV and YARA.
- Source and leverage threat intelligence using the MITRE ATT&CK framework.
- Work with Indicators of Compromise (IOCs) and Indicators of Attack (IOAs).
- Create hypotheses, plan and execute threat hunts, and apply digital forensic techniques and EDR tools for threat hunting.
- Manage and analyze log files using SIEMs and other tools, with a focus on Windows Event Logs.
Interactive Lessons
20+ Interactive Lessons | 148+ Exercises | 60+ Quizzes | 94+ Flashcards | 94+ Glossary of terms
Gamified TestPrep
55+ Pre Assessment Questions | 55+ Post Assessment Questions
Hands-On Labs
29+ LiveLab | 29+ Video tutorials | 49+ Minutes
Preface
- Who this course is for
- What this course covers
- To get the most out of this course
Understanding Incident Response
- The IR process
- The IR framework
- The IR plan
- The IR playbook/handbook
- Testing the IR framework
- Summary
- Further reading
Managing Cyber Incidents
- Engaging the incident response team
- SOAR
- Incorporating crisis communications
- Incorporating containment strategies
- Getting back to normal – eradication, recovery, and post-incident activity
- Summary
- Further reading
Fundamentals of Digital Forensics
- An overview of forensic science
- Locard’s exchange principle
- Legal issues in digital forensics
- Forensic procedures in incident response
- Summary
- Further reading
Investigation Methodology
- An intrusion analysis case study: The Cuckoo’s Egg
- Types of incident investigation analysis
- Functional digital forensic investigation methodology
- The cyber kill chain
- The diamond model of intrusion analysis
- Summary
Collecting Network Evidence
- An overview of network evidence
- Firewalls and proxy logs
- NetFlow
- Packet capture
- Wireshark
- Evidence collection
- Summary
- Further reading
Acquiring Host-Based Evidence
- Preparation
- Order of volatility
- Evidence acquisition
- Acquiring volatile memory
- Acquiring non-volatile evidence
- Summary
- Further reading
Remote Evidence Collection
- Enterprise incident response challenges
- Endpoint detection and response
- Velociraptor overview and deployment
- Velociraptor scenarios
- Summary
Forensic Imaging
- Understanding forensic imaging
- Tools for imaging
- Preparing a staging drive
- Using write blockers
- Imaging techniques
- Summary
- Further reading
Analyzing Network Evidence
- Network evidence overview
- Analyzing firewall and proxy logs
- Analyzing NetFlow
- Analyzing packet captures
- Summary
- Further reading
Analyzing System Memory
- Memory analysis overview
- Memory analysis methodology
- Memory analysis tools
- Memory analysis with Strings
- Summary
- Further reading
Analyzing System Storage
- Forensic platforms
- Autopsy
- Master File Table analysis
- Prefetch analysis
- Registry analysis
- Summary
- Further reading
Analyzing Log Files
- Logs and log management
- Working with SIEMs
- Windows Logs
- Analyzing Windows Event Logs
- Summary
- Further reading
Writing the Incident Report
- Documentation overview
- Executive summary
- Incident investigation report
- Forensic report
- Preparing the incident and forensic report
- Summary
- Further reading
Ransomware Preparation and Response
- History of ransomware
- Conti ransomware case study
- Proper ransomware preparation
- Eradication and recovery
- Summary
- Further reading
Ransomware Investigations
- Ransomware initial access and execution
- Discovering credential access and theft
- Investigating post-exploitation frameworks
- Command and Control
- Investigating lateral movement techniques
- Summary
- Further reading
Malware Analysis for Incident Response
- Malware analysis overview
- Setting up a malware sandbox
- Static analysis
- Dynamic analysis
- ClamAV
- YARA
- Summary
- Further reading
Leveraging Threat Intelligence
- Threat intelligence overview
- Sourcing threat intelligence
- The MITRE ATT&CK framework
- Working with IOCs and IOAs
- Threat intelligence and incident response
- Summary
- Further reading
Threat Hunting
- Threat hunting overview
- Crafting a hypothesis
- Planning a hunt
- Digital forensic techniques for threat hunting
- EDR for threat hunting
- Summary
- Further reading
Appendix
Fundamentals of Digital Forensics
- Completing the Chain of Custody
Investigation Methodology
- Performing Reconnaissance on a Network
Collecting Network Evidence
- Installing a DHCP Server
- Performing a Proxy Server Operation
- Creating a Firewall Rule
- Capturing Packet Using RawCap
- Using tcpdump to Capture Packets
Acquiring Host-Based Evidence
- Using WinPmem for Memory Acquisition
- Using FTK Imager
- Using FTK Imager for Obtaining Protected Files
Remote Evidence Collection
- Using the Velociraptor Server
Forensic Imaging
- Preparing a Staging Drive
- Using EnCase Imager
Analyzing Network Evidence
- Working with NetworkMiner
- Capturing a Packet Using Wireshark
Analyzing System Memory
- Analyzing Malicious Activity in Memory Using Volatility
- Working with Strings in Linux
Analyzing System Storage
- Analyzing Forensic Case with Autopsy
- Viewing the Windows File Registry
Analyzing Log Files
- Creating an Event Log View
- Examining Windows Event Logs Using DeepBlueCLI
Ransomware Preparation and Response
- Understanding LPE
Ransomware Investigations
- Using Social Engineering Techniques to Plan an Attack
- Passing the Hash Using Mimikatz
Malware Analysis for Incident Response
- Analyzing Malware Using VirusTotal
- Using Process Explorer
- Handling Potential Malware Using ClamAV
Leveraging Threat Intelligence
- Examining MITRE ATT&CK
- Using Maltego to Gather Information
Digital forensics and incident response (DFIR) is a specialized field of cybersecurity that collects and analyzes digital evidence to mitigate a threat incident in a timely manner.
No, there are no formal requirements to take this course. However, a basic understanding of cybersecurity, threats, and incident response will help you get started smoothly.
You will learn to use the following tools:
Incident Response Tools:
- SOAR (Security Orchestration, Automation, and Response)
Network Evidence Collection and Analysis:
- Firewalls
- Proxy logs
- NetFlow
- Packet capture
- Wireshark
- RawCap
- tcpdump
- NetworkMiner
Host-Based Evidence Collection and Analysis:
- WinPmem for memory acquisition
- FTK Imager
- Velociraptor
- EnCase Imager
- Volatility (for memory analysis)
- Strings (Linux tool)
Digital Forensics Platforms and Tools:
- Forensic platforms
- Autopsy
- Master File Table analysis tools
- Prefetch analysis tools
- Registry analysis tools
Log Analysis:
- SIEMs (Security Information and Event Management systems)
- Windows Event Logs
- DeepBlueCLI
Malware Analysis:
- Malware sandbox
- ClamAV
- YARA
- VirusTotal
- Process Explorer
Threat Intelligence and Threat Hunting:
- MITRE ATT&CK framework
- Maltego
The salary of a Digital Forensics and Incident Response Specialist can vary depending on factors such as experience, location, and specific job roles. As of 2024, the average salary for a Digital Forensics Investigator in the United States is around $74,000 to $110,000 per year.